Date: Tue, 28 Jan 2003 09:52:18 +0000
From: Ceri Davies
To: Chuck Swiger
Cc: freebsd Questions
Subject: Re: sandboxing named...
Message-ID: <20030128095218.GB2628@submonkey.net>
References: <3E362707.2090809@mac.com>
In-Reply-To: <3E362707.2090809@mac.com>

On Tue, Jan 28, 2003 at 01:45:27AM -0500, Chuck Swiger wrote:
> I believe the normal way to chroot named in FreeBSD is something like:
>
> named_enable="YES"
> named_flags="-u bind -g bind -t /etc/namedb -c named.conf"
>
> ...in /etc/rc.conf. When doing so, the following seems to make life
> much better for ndc and the config file:
>
> mkdir /etc/namedb/etc
> mkdir /etc/namedb/var
> mkdir /etc/namedb/var/run
> ln -s / /etc/namedb/etc/namedb
> ln -s /etc/namedb/var/run/ndc /var/run/ndc

Please read the section on this in the handbook.

Ceri

-- 
The brothers of the fire have brought your fate!
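
An added example, not part of the original message or of the FreeBSD documentation: a small shell check that reads `named_flags` from an rc.conf-style file and reports when the `-u` or `-t` options from the quoted message are absent, or when the directories it creates inside the chroot are missing. The function name `audit_named_sandbox` and its second argument (a path prefix for testing against a constructed tree) are assumptions made for this example.

```sh
#!/bin/sh
# Added example. audit_named_sandbox and its PREFIX argument are hypothetical
# names; PREFIX lets the directory checks run against a test tree.
audit_named_sandbox() {
    rc=$1
    prefix=${2:-}
    user=
    root=
    # Read the last named_flags="..." assignment without executing the file.
    flags=$(sed -n 's/^named_flags="\(.*\)"[[:space:]]*$/\1/p' "$rc" | tail -n 1)
    set -- $flags
    while [ $# -gt 0 ]; do
        case $1 in
            -u) user=${2:-} ;;
            -t) root=${2:-} ;;
        esac
        shift
    done
    [ -n "$root" ] || echo "no -t: named is not chrooted"
    # A process that stays root can break out of a chroot, so -t needs -u.
    case $user in
        ''|root|0) echo "no unprivileged -u: named runs as root" ;;
    esac
    if [ -n "$root" ]; then
        # Directories the quoted message creates inside the chroot.
        for d in "" /etc /var/run; do
            [ -d "$prefix$root$d" ] || echo "missing directory: $root$d"
        done
    fi
    return 0
}

# Constructed sample: the rc.conf lines and directories from the quoted
# message, built under a temporary prefix, plus a variant with no sandboxing.
demo=$(mktemp -d)
mkdir -p "$demo/etc/namedb/etc" "$demo/etc/namedb/var/run"
cat > "$demo/rc.conf" <<'EOF'
named_enable="YES"
named_flags="-u bind -g bind -t /etc/namedb -c named.conf"
EOF
echo 'named_flags="-c named.conf"' > "$demo/rc.conf.weak"
echo "== as quoted =="
audit_named_sandbox "$demo/rc.conf" "$demo"
echo "== no -u/-t =="
audit_named_sandbox "$demo/rc.conf.weak" "$demo"
rm -rf "$demo"
```

On a live system the call would be `audit_named_sandbox /etc/rc.conf` with no prefix, so the directory checks apply to the real `-t` path.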